On February 12 2002, Microsoft released the original version of this bulletin. In it, we detailed a work-around procedure that customers could implement to protect themselves against a publicly disclosed vulnerability. An updated version of this bulletin was released on February 15, 2002, to announce the availability of the patch for Windows 2000 and Windows XP and to advise customers that the work-around procedure is no longer needed on those platforms. Patches for additional platforms are forthcoming and this bulletin will be re-released to annouce their availability.

On March 5, 2002, Microsoft released an updated version of the bulletin annoucing the availability of a patch for Windows NT 4.0 and to advise customers that the work-around procedure is no longer needed for that platform. Patches for additional platforms are forthcoming and this bulletin will be re-released to annouce their availability.

Simple Network Management Protocol (SNMP) is an Internet standard protocol for managing disparate network devices such as firewalls, computers, and routers. All versions of Windows except Windows ME provide an SNMP implementation, which is neither installed nor running by default in any version.

A buffer overrun is present in all implementations. By sending a specially malformed management request to a system running an affected version of the SNMP service, an attacker could cause a denial of service. In addition, it is possible that he could cause code to run on the system in LocalSystem context. This could potentially give the attacker the ability to take any desired action on the system.

A patch is under development to eliminate the vulnerability. In the meantime, Microsoft recommends that customers who use the SNMP service disable it temporarily. Patches will be available shortly, at which time we will re-release this bulletin with updated details.

Mitigating factors:
- The SNMP service is neither installed nor running by default in any version of Windows.
- Standard firewalling practices recommend blocking the port over which SNMP operates (UDP ports 161 and 162). If these recommendations have been followed, the vulnerability could only be exploited by an intranet user.
- Standard security recommendations recommend against using SNMP except on trusted networks, as the protocol, by design, provides minimal security.

Vulnerability identifier: CAN-2002-0053

This email is sent to NTBugtraq automatically as a service to my subscribers. Since its programmatically created, and since its been a long time since anyone paid actual money for my programming skills, it may or may not look that good...;-]

I can only hope that the information it does contain can be read well enough to serve its purpose.